Convert password hashing from SHA to bcrypt

This question has been answered in this Stack Overflow question already, but it's not Grails-specific and is also kind of vague.

I set my Grails app up with Spring Security, but apparently didn't get the newest version, because it defaulted to SHA-256 instead of bcrypt. Now I have production data with passwords hashed in what seems to be a less-than-ideal method.

It's a piece of cake to enable bcrypt hashing:

Config.groovy > grails.plugins.springsecurity.password.algorithm = 'bcrypt'

but now I need the app to convert the old hashes into new ones. Fundamentally, I understand that when a user logs in, I should have the app check to see if the password is an SHA-256 hash, and if so, re-hash the entered password with bcrypt. After a while, they'll all be upgraded and that code can be removed.

What is the actual code for determining if a password hash is from SHA-256 or bcrypt, though?

EDIT

That is to say, what is the actual function that I call to get a hash? How do I bcrypt(incomingpassword) to see if it matches the existing password hash?

Charles Wood asked Mar 22 '23 05:03


1 Answer

bcrypt passwords will start with "$2a$10$" and be 60 chars long. There is no pattern for SHA-256, but it will be 64 chars long.

Burt Beckwith answered Apr 01 '23 06:04
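The format check from the answer combined with the upgrade-on-login flow from the question, as an added example that is not code from the original page or from the Grails plugin. It goes beyond the answer by accepting any bcrypt cost factor and version letter. `PasswordUpgrader` and its methods are hypothetical names, and it assumes the legacy hashes are unsalted, single-round, hex-encoded SHA-256 and that `spring-security-crypto` is on the classpath.

```groovy
import java.security.MessageDigest
import java.util.regex.Pattern
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

// Hypothetical helper. Assumes legacy hashes are unsalted, single-round, hex SHA-256.
class PasswordUpgrader {
    // "$2a$10$" style prefix followed by 53 chars of salt+hash (60 chars total)
    static final Pattern BCRYPT = Pattern.compile('^\\$2[aby]?\\$\\d{2}\\$[./A-Za-z0-9]{53}$')
    // SHA-256 in hex has no prefix: exactly 64 hex digits
    static final Pattern SHA256_HEX = Pattern.compile('^[0-9a-fA-F]{64}$')

    final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder()

    static boolean isBcrypt(String stored) { stored != null && BCRYPT.matcher(stored).matches() }
    static boolean isLegacySha256(String stored) { stored != null && SHA256_HEX.matcher(stored).matches() }

    static String sha256Hex(String password) {
        MessageDigest.getInstance('SHA-256').digest(password.getBytes('UTF-8')).encodeHex().toString()
    }

    /** Returns [ok: login result, newHash: bcrypt hash to persist, or null if no upgrade is due]. */
    Map verify(String entered, String stored) {
        if (isBcrypt(stored)) {
            // bcrypt embeds its salt and cost in the stored value, so matches() needs nothing else
            return [ok: bcrypt.matches(entered, stored), newHash: null]
        }
        if (isLegacySha256(stored)) {
            // constant-time comparison of the recomputed legacy hash
            boolean ok = MessageDigest.isEqual(
                sha256Hex(entered).getBytes('US-ASCII'),
                stored.toLowerCase().getBytes('US-ASCII'))
            // only a successful login proves we hold the real password, so re-hash only then
            return [ok: ok, newHash: ok ? bcrypt.encode(entered) : null]
        }
        [ok: false, newHash: null]   // unknown format: reject instead of guessing
    }
}

// Constructed sample data: a legacy record for the password 'correct horse'
def upgrader = new PasswordUpgrader()
def legacy = PasswordUpgrader.sha256Hex('correct horse')
def first = upgrader.verify('correct horse', legacy)
assert first.ok && PasswordUpgrader.isBcrypt(first.newHash)
assert upgrader.verify('correct horse', first.newHash) == [ok: true, newHash: null]
assert !upgrader.verify('wrong guess', legacy).ok
```

When `newHash` is non-null, write it to the user record in the same request so the SHA-256 value is replaced at that login.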